Mercurial > hg
changeset 28648:7fc787e5d8ec
sslutil: store OP_NO_SSL* constants in module scope
An upcoming patch will introduce a global SSLContext type so we
have a single function used to wrap sockets. Prepare for that by
introducing module level constants for disabling SSLv2 and SSLv3.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sun, 27 Mar 2016 10:47:24 -0700 |
| parents | 834d1c4ba749 |
| children | 7acab42ef184 |
| files | mercurial/sslutil.py |
| diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Sun Mar 27 14:07:06 2016 -0700 +++ b/mercurial/sslutil.py Sun Mar 27 10:47:24 2016 -0700 @@ -29,6 +29,13 @@ hassni = getattr(ssl, 'HAS_SNI', False) +try: + OP_NO_SSLv2 = ssl.OP_NO_SSLv2 + OP_NO_SSLv3 = ssl.OP_NO_SSLv3 +except AttributeError: + OP_NO_SSLv2 = 0x1000000 + OP_NO_SSLv3 = 0x2000000 + _canloaddefaultcerts = False try: # ssl.SSLContext was added in 2.7.9 and presence indicates modern @@ -48,7 +55,7 @@ # maintainers for us, but that breaks too many things to # do it in a hurry. sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - sslcontext.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 + sslcontext.options |= OP_NO_SSLv2 | OP_NO_SSLv3 if certfile is not None: def password(): f = keyfile or certfile